Welcome to Sign in | Join | Help
in
Home Blog Forums

The Lazy Admin

Modifying The IIS SMTP Banner

Sponsor

When you connect to a mail server using telnet you will receive a message telling you some basic information about the mail server, including FQDN of the server, the protocol, server version and the date, time and time zone.

The following is an example of such a banner.

220 Server.Domain.Com Microsoft ESMTP MAIL Service, Version: 6.5.7226.0 ready at Sun, 09 Jan 05 10:42:33 -600

We can change this banner to hide the server type and version number, or to put a unique identifier in there to help you remember which server you are connected to. Why hide the server type and version number? Well it allows a hacker to find out what type of server you are running, changing the banner to look like the banner for a different type of server, Sendmail for example, would have them attacking Sendmail exploits which should have no effect on your Exchange servers.

On your Exchange 2003 server, from a command prompt, we need to go into the C:\Inetpud\Adminscripts directory. From here we need to run the following command to change the banner message.

cscript adsutil.vbs set smtpscv/ vsi number /connectresponse "New banner message"

Vsi number is the virtual server instance for which you want to change the banner for, you can hve different banner messages for each virtual server. After you have run this command you need to restart the SMTP Service and then you should see your new message appear as:

220 Server.Domain.Com New banner message ready at Sun, 09 Jan 05 10:42:33 -600

For Exchange 2000/2003 POP3 and IMAP4 the procedure is a little bit different. Also with POP3 and IMAP4 we can also specify a disconnect message. Before we get to the command to change the message we need to know the metabase values for the each protocols message banners.

  • POP3 Connection String - 41661
  • POP3 Disconnection String - 41662
  • IMAP4 Connection String - 49884
  • IMAP4 Disconnection String - 49885

With this information we can proceed. The commands to change the banner messages are:

smtpmd SET -path pop3svc/1 -dtype STRING -prop 41661 -value "SMTP connection message"

smtpmd SET -path pop3svc/1 -dtype STRING -prop 41662 -value "SMTP disconnect message"

smtpmd SET -path imap4svc/1 -dtype STRING -prop 49884 -value "IMAP4 connection message"

smtpmd SET -path imap4svc/1 -dtype STRING -prop 49885 -value "IMAP4 disconnect message"

Again you will need to restart the POP3 and IMAP4 services for the change to take hold. Also beware that changing the wrong property can cause irreversible damage to your metabase leaving you with a reinstall job.

For more information see:

How To Backup and Restore the IIS Metabase





Published Thursday, June 16, 2005 10:00 AM by rodney.buike
Filed under:

Comments

No Comments
Anonymous comments are disabled

This Blog

Powered By

 

Syndication

Sponsors

 
 
Get a free 5GB e-mail account @isalazyadmin.com

Affiliates

Canadian IT Professionals

Canadian IT Managers

Certifications & Awards


All postings are provided "AS IS" with no warranties, and confer no rights.
Microsoft product screen shot(s) reprinted with permission from Microsoft Corporation.
Copyright TheLazyAdmin Inc. All Rights Reserved 2004-2008